By partnering with key technology players, Entrust Datacard addresses some of the most commonly requested use cases across government agencies at many different levels with the Entrust IdentityGuard Mobile Derived Credential solution, which is ready for deployment today.

A Complete Solution for NIST 800-157

The Need for Mobile Derived Credentials

As U.S. Government agencies establish plans to embrace mobile devices as alternatives to traditional desktop computers, special consideration must be given to ensure compliance with HSPD-12 / FIPS 201 Personal Identity Verification (PIV) requirements. As such, NIST specification 800-157 outlines how PIV identities can be implemented and deployed directly on mobile devices. The mobile PIV credential is called a Derived PIV Credential.

The Entrust Datacard Mobile Derived Credential solution provides government agencies and contractors with a comprehensive, frictionless, and proven solution for placing Derived PIV Credentials onto mobile devices. Entrust Datacard Mobile Derived Credentials are easily accessed by employees and help harness the power of mobile as the new desktop by providing secure, anywhere, anytime access to work files and systems.

Entrust Datacard has put together a white paper to help you understand the need for mobile derived credentials.

The First Complete Mobile Derived Credential Solution

Deriving Trust from Bound Identities
The Entrust IdentityGuard Mobile Smart Credential application is encoded like a PIV smartcard, with a digital structure that follows the current PIV standard. This allows the Mobile Smart Credential to be encoded by Entrust IdentityGuard with the same certificate types and use the same communication language traditionally used on a physical PIV smartcard. The Entrust IdentityGuard Mobile Smart Credential is available for use on Apple iOS, Google Android and BlackBerry mobile operating systems.

Self-Service Capabilities
Entrust IdentityGuard is unique in its ability to provide a Self-Service Module (SSM), granting users access to request and manage their Derived PIV Credentials without the need for administrative interaction. This approach helps reduce operational costs by limiting the need to deploy specialized enrollment stations and kiosks abroad for derived credential enrollment.

PIN Unlock, Reset via SSM
Unlike with PIV smartcards, PIN unblock and reset are easily self-managed through both the Entrust IdentityGuard SSM and directly on the mobile device through the Entrust Mobile Smart Credential application. With this solution, there is no need for a specialized kiosk for derived credential issuance and management. If policy does not allow users to unlock or reset their derived credential PIN, or if the user loses their mobile device, the SSM allows the old derived credential to be quickly suspended or revoked.

The Derived Credential Enrollment Process

Entrust IdentityGuard can be configured for several different Derived PIV Credential activation methods, providing the most flexible solution to meet the needs of various policies and requirements. These activation methods include:

QR Code with password displayed

QR Code with password via encrypted email

Email with password displayed

Email with password via encrypted email

These various activation options provide multiple, secure workflows for allowing a user to generate and activate their Derived PIV Credential.

Use Cases & Authentication Methods

There are two main ways a derived credential could be leveraged to increase security.

The first is to provide access to certificate-enabled mobile applications for authentication directly through the mobile device – removing the need for username and password.

The second is to use the derived credential to provide logical access to a traditional workstation or laptop, similar to how a PIV smartcard is used for SCLO.

An advantage of the Entrust Mobile Smart Credential application is that both methods of access can be easily configured, and are enhanced through Entrust partnerships with other leaders in the mobile device industry.

Measurable Benefits

Agility.

Easily support the diverse needs of people to securely access and transact across networks, applications, devices, and physical locations. Entrust Datacard offers a broad range of authentication solutions that help organizations respond and stay ahead in a more mobile, connected and ever-changing world.

Trust.

Transform your business and protect against breaches and fraud while staying in compliance with corporate and government regulations. Entrust Datacard leverages proven industry experience to deliver trusted identity and authentication solutions that help organizations support the needs of increasingly mobile and connected people, systems, and devices.

ABOUT ENTRUST DATACARD CORPORATION

Consumers, citizens and employees increasingly expect anywhere-anytime
experiences—whether they are making purchases, crossing borders,
accessing e-gov services or logging onto corporate networks. Entrust
Datacard offers the trusted identity and secure transaction technologies
that make those experiences reliable and secure. Solutions range from
the physical world of financial cards, passports and ID cards to the
digital realm of authentication, certificates and secure communications.